Open emesik opened 6 years ago
I've just realized there's a possibility of making this attack 100% effective:
Please note that timing is not important here. There's no hurry in executing step 2, as merchant's node is already poisoned and yet it will not propagate R any further.
I'm afraid it makes 0-conf extremely vulnerable.
The attacker can't set the do_not_relay flag unless the attacker has the ability to access the RPC port on the merchant's node. That is highly unlikely (merchants relying on a node for their own security should certainly not make the same node available to the public).
Nevertheless 0-conf that relies on relay will never be safe or secure. That doesn't mean it can't be done, it is just an exercise in cost (risk) benefit tradeoff, which likely depends a lot on the nature and size of the transaction, along with similar factors.
This is worth reading for another method of attacking https://bitcoin.stackexchange.com/questions/4942/what-is-a-finney-attack
Thanks for the input on this!
Keeping the node private is already recommended in the server setup, but I will explicitly point this out in the documentation.
As a result, I will implement waiting for transaction confirmation when the payment exceeds a configurable amount as part of Milestone 2 or 3 of my FFS.
For a completely trustless setup (eg running own node), I don't know if anything else can be done to further reduce the risk except waiting for confirmation.
For additional security, the merchant could rely on a wallet hosting service which could provide additional security by reducing the risk of 0-conf double spending attacks.
Let's have an attacker with modified wallet trying to purchase goods from a merchant using Kasisto. The attacker's wallet is modified in a such way, that while apparently sending the transaction, it does as follows:
The results are:
What scenarios can we expect?
By rough statistics, the attacker has 25% of success, however:
Preliminary conclusions:
I think I could help with staging such attack scenario on the testnet, if you decide it's worth investigating.